Manage Cloud Accounts

The platform provides integration with multiple cloud platforms – both Public & Private Clouds. You require an existing account in the respective clouds to connect them with CoreStack™, as it needs the Cloud Account credentials in order to orchestrate these clouds. Rest assured, these credentials are encrypted and highly secure while with CoreStack™.

The Cloud Accounts are the targets against which the orchestration templates would be executed. Adding Cloud Accounts is one of the pre-requisites before you can start executing templates in CoreStack™.

CoreStack™ currently supports the following Services:

Platform Type Professional Enterprise
Public Clouds AWS, Azure, OpenStack Powered Public Clouds AWS, Azure, OpenStack Powered Public Clouds, Oracle
Private Clouds OpenStack OpenStack, vCenter, Azure Pack, CloudStack

Tips:

  1. In the SaaS version, you cannot add a Private Cloud unless it is exposed through a Public IP (you need to provide an end-point that is accessible from internet). CoreStack™ is also offered as an on-premises installation, using which you can add Private Clouds available BTF (Behind The Firewall).
  2. You can add multiple Accounts under the same cloud, as long as the endpoint or access credentials are different.

Adding Cloud Accounts

Typically, adding a cloud account involves providing the URL / endpoint of the service and the credentials to access it. This is a one-time process to provide CoreStack™ the target environment and the authentication parameters. The information is encrypted and saved within CoreStack™. This is used while connecting to these services during Template execution.l
To start adding your cloud accounts, follow the steps below:

  1. Navigate to the Cloud Accounts page – Settings Icon in top right > Select Cloud Accounts
  2. Select the Cloud of your choice – Public or Private

Clicking Public displays options as shown below:

Cloud Accounts - Public

 

Clicking Private displays options as shown:

Cloud Accounts - Private

New Cloud Account

  • Click on your preferred public cloud service providers to create a new cloud service account.
  • Click on the “+” icon to add a new account for this cloud

  • In the pop-up that opens up, provide the following details:
    • Name
    • Description
    • Username
    • Password
    • Domain
    • Auth URL
  • Click Create.

 

Cloud Accounts - New Service Accounts

The detailed instructions on where to get the required information for each cloud platform is provided below.

Steps to add OpenStack Account

Supported Version: Openstack Mitaka release with keystone version v2.0 or lower

Attributes required for adding an OpenStack Cloud Account in CoreStack™:

Attribute Name Attribute Description
Name Preferred Name for this Cloud Account. This will be reflected in the Dashboards and elsewhere within CoreStack™.
Description A free format text, describing this specific Cloud Account and what it wil be used for. This is for internal reference of you and your team.
Auth URL This is the Identity url given in “API Access” under “Access & Security” in your OpenStack account.(See Instructions below on where to get this URL when logged into OpenStack Horizon Dashboard)
Username Username of the OpenStack account (same as what you use for logging into Horizon Dashboard)
Password Password for the OpenStack account (same as what you use for logging into Horizon Dashboard)
Tip:

The list of attributes and instructions are same irrespective of whether you are adding an OpenStack Public Cloud account or a Private Cloud account.

 

Limitations:

User must have admin privileges for all the tenants for which the user is mapped to. This is required for authorization within OpenStack to invoke the service list calls. Without this authorization, OpenStack Mistral Template cannot be executed in CoreStack™.

Instructions to get the Auth URL from OpenStack Horizon Dashboard:

  • Log into the OpenStack Horizon Dashboard with the credentials that you intend to add to CoreStack™
  • Click Project in the side menu. In the drop-down menu that appears, click Compute
  • In the right panel, select the API Access tab
  • The table showing the list of API Endpoints with the columns Service and Service Endpoint appears
  • Select the “Service Endpoint” URL for the Service “Identity” (Please refer the screenshot below)

Steps to add AWS Account

CoreStack™ supports all services within AWS through its support for CFN Templates. You can also use HEAT Templates to orchestrate AWS. The services that can be orchestrated will be limited based on the access policies available for the IAM user provided.

Tip:

While you can orchestrate all functions without any limitations if you provide AWS root credentials, it is NOT a recommended practice. Create an IAM user with “Full Access” to the services that you intend to orchestrate.

 

Attributes required for adding an AWS Cloud Account in CoreStack™:

Attribute Name Attribute Description
Name Preferred Name for this Cloud Account. This will be reflected in the Dashboards and elsewhere within CoreStack™.
Description A free format text, describing this specific Cloud Account and what it will be used for. This is for your internal reference .
Access Key This is the unique “Access Key” given for the “CoreStack™” IAM User in your AWS account.(See Instructions below on how to create the IAM User and get this key value)
Secret Key This is the unique “Private Key” given for the “CoreStack” IAM User in your AWS account. (See Instructions below on how to create the IAM User and get this key value)

Instructions to create IAM User for CoreStack™ from AWS Console:

  • Login to your AWS account using root credentials or any user that has access to IAM Service
  • From the Services List, select “IAM” which can be found under Security, Identity & Compliance

 

  • Steps to create an IAM User for CoreStack™ to orchestrate your AWS account:
    1. Select Users in the side menu
    2. Click the Add User button

  • Provide a preferred User name such as “CoreStack”
  • It is important to select the checkbox for Programmatic Access since this is what CoreStack™ would be using

  • It is NOT required to check the AWS Management Console access – CoreStack™ will require to access your AWS Console UI
  • Click the Next:Permissions button at the right bottom
  • Steps to attach the right access policies for the CoreStack™ IAM User:
    • Select the option to Attach existing policies directly
    • Select the checkbox for Administrator Access to provide complete access to CoreStack™

    • Click the Next:Review button to proceed

    • Review the details and click the Create User button to complete user creation

    • You will see the success message and the access credentials as below:

  • Copy the Access Key ID visible on the screen above. This will be the Access Key that you will provide to CoreStack™
  • Click Show link under Secret access key and copy that detail. This will be the Secret Key that you will provide to CoreStack™
Note:
You can also use the “Download csv” option to download the Access & Secret key for future reference. This is recommended. You will NOT be able to download this later.

Steps to add Azure Account

CoreStack™ supports all services within Azure through its support for Azure Resource Manager Templates. The services that can be orchestrated will be limited based on the access policies available for the Application ID provided.

Note:

This document describes attaching Azure Resource Manager. If you need to connect Azure Classic Deployment, please contact support. We can enable it for specific customers as part of our Enterprise edition.

 

Attributes required for adding an Azure Cloud Account in CoreStack™:

Attribute Name Attribute Description
Name Preferred name for this cloud account. This will be reflected in the dashboards and elsewhere within CoreStack™.
Description A free format text, describing this specific cloud account and what it will be used for. This is for your internal reference.
Subscription Id This is the Subscription Id associated with your organization’s Azure account.(See Instructions below on where to get the Subscription Id from the Azure portal)
Application Id This is the identifier for the “App” that you create within Azure Active Directory (AD). Access Control is granted for this app to access your Azure Account and the access level can be different. (See Instructions below on how to create an Application in Azure AD)
Tenant Id A Tenant within Azure Active Directory (AD) is a representative of the organization that receives a dedicated instance of the AD service. The “Directory Id” available in the properties of the AD has to be used here as Tenant Id.(See Instructions below on how to get the Tenant Id / Directory Id from Azure Portal)
Application Secret This is also termed as the “Application Key”, which is similar to “Secret Key” used for AWS Accounts. This is required for Authentication. (See Instructions below on how to get the Application Secret / Key from Azure Portal)

Important Pre-requisites to use your Azure Account with CoreStack™:

Storage Account:
A valid Storage account should be created prior to the execution of template.

Resource Group:
Please ensure that you have a valid resource group added to your Azure account.

Network and Subnet:
A valid network and a subnet configured in the location where you want to provision a VM.

Access to Resource Providers:
Please ensure that the subscription has access to the Microsoft.Compute and Microsoft.Network services. The resource provider name and service will depend on the type of services to be provisioned.

Please refer to the common errors and related configurations in the below link:

https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-manager-common-deployment-errors#noregisteredproviderfound

Instructions to get required values from Microsoft Azure Portal:

Getting Subscription Id:

The “Subscription Id” can be copied from the “Subscriptions” page. There are multiple ways to reach this page:

  • Click the Subscriptions icon (looks like a key) in the side menu

  • Select Billing from the side menu and then select the preferred Subscription

Use the search option at the top and just search for “Subscriptions”
Once you get there, you can get the Subscription Id (refer screenshot below):
Getting the Application Id:

  • Select Azure Active Directory from the side menu
  • Select App Registrations

  • If you already have a list of applications and would like to connect one of them, just click on the application that you prefer to use:

  • If you do NOT have any applications created yet, you can create one as shown below:
      • Click on New Application Registration

      • Provide details for the New Application as shown in the example below:

      • Click the Create button
      • Once the application is created, it will get listed as below and you can copy the Application Id now.

      Getting the Application Secret (key):

      • Refer the above topic to create / navigate to Applications under your Azure Active Directory
      • Select the Application and you will see the details as below:

      • In the Settings tab on the right, Keys is present under the API Access settings
      • Create a new key for this application. Provide a Key description with any text of max 16 characters and select the duration as 1 year. Hit Save above.
      • The screen appears as shown below. Copy the Key value. It is IMPORTANT to do it now since you will NOT be able to retrieve it again. (You can always create a new key if required)

      • The copied key value is to be provided to CoreStack™ as the Application Secret

      Getting the Tenant Id:

      • Click Azure Active Directory in the side menu to see the sub-menu listed as below

      • Scroll down the Sub-Menu to find Properties and click it

      Upon clicking the following details appear:

      • Copy the Directory ID which is also referred to as the Tenant Id

      Providing permission to the Application:

        • Ensure that the user has the required access permissions to the application, by navigating to Subscriptions > Access Control (IAM) > Add Permissions
        • Select Role as Owner and choose the Application that you are adding to CoreStack™

      Steps to add Oracle Account

      Attributes required for adding an Oracle Cloud Account in CoreStack™:

      Attribute Name Attribute Description
      Name Preferred name for this cloud account. This will be reflected in the dashboards and elsewhere within CoreStack™.
      Description A free format text, describing this specific cloud account and what it will be used for. This is for your internal reference.
      Username Username of the given Oracle Cloud account (same as what you use for logging into Oracle Cloud Console)

      (Note: Username should be specified in the given format /<Service Name>-<Identity domain>/<User Id>

      Example: /compute-identity1/abc.xyz@company1.com

      Password Password of the given Oracle Cloud account (same as what you use for logging into Oracle Cloud Console).
      Auth URL Auth URL may vary for each account, please refer the following link to find the Auth URL specific to your account.https://docs.oracle.com/en/cloud/iaas/compute-iaas-cloud/stcsa/SendRequests.html
      The steps to add the account are the same as mentioned above:
      • Click Settings (gear) icon
      • In the drop-down that appears, select Cloud Accounts
      • In the screen that appears, click Oracle
      • Enter the details as shown: